A new announcement has been made by the Wi-Fi Alliance (the organization that manages wireless internet technologies): the official launch of WPA3 is now a fact:
Wi-Fi Alliance introduces Wi-Fi CERTIFIED WPA3™, the next generation of Wi-Fi® security, bringing new capabilities to enhance Wi-Fi protections in personal and enterprise networks. Building on the widespread adoption of WPA2™ over more than a decade, WPA3™ adds new features to simplify Wi-Fi security, enable more robust authentication, and deliver increased cryptographic strength for highly sensitive data markets. As the Wi-Fi industry transitions to WPA3 security, WPA2 devices will continue to interoperate and provide recognized security, the statement reads.
WPA3 Comes after the KRACK Vulnerability
In other words, WPA3 is the latest version of Wi-Fi Protected Access, otherwise known as WPA, a user authentication technology aimed at wireless connections. The Alliance began developing WPA3 after the discovery of the KRACK vulnerability in the WPA2 protocol. The flaw allowed attackers to gain access to Wi-Fi transmissions protected by the WPA2 standard.
The KRACK attack was capable of exploiting the way the security handshake of the WPA2 encryption protocol is handled. The handshake is a sequence of requests and responses that deliver cryptographically protected data. The researchers uncovered that when the third step is sent multiple times, in some situations a cryptographic message can be reused in a way that effectively breaks the security measures.
Currently, WPA3 is optional for brand new device models. However, it is expected to become the ultimate Wi-Fi authentication standard for all Wi-Fi-enabled devices in the years to come. Even though no particular date has been outlined, WPA3 will sustain interoperability with older WPA2 devices so that the transition is flawless.
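The effect of a retransmitted third handshake message can be shown with a toy model in which reinstalling the session key resets the per-packet nonce. This is an added example, not code from the Wi-Fi Alliance or the researchers; the `Client` class, the SHA-256 keystream stand-in and the sample key are assumptions for illustration and do not implement real WPA2 cryptography.

```python
from __future__ import annotations
import hashlib

def keystream(key: bytes, nonce: int, n: int) -> bytes:
    # Toy stand-in for a per-packet keystream: it depends only on (key, nonce).
    return hashlib.sha256(key + nonce.to_bytes(6, "big")).digest()[:n]

class Client:
    """Toy supplicant: models only key installation and the packet-number counter."""
    def __init__(self, patched: bool):
        self.patched = patched
        self.key = None
        self.pn = 0  # packet number, used as the nonce

    def on_message3(self, key: bytes) -> None:
        # Unpatched: every copy of message 3 reinstalls the key and resets the nonce.
        # Patched: a key that is already installed is never reinstalled.
        if self.patched and key == self.key:
            return
        self.key, self.pn = key, 0

    def send(self, plaintext: bytes) -> tuple[int, bytes]:
        self.pn += 1
        ks = keystream(self.key, self.pn, len(plaintext))
        return self.pn, bytes(p ^ k for p, k in zip(plaintext, ks))

def run_session(patched: bool) -> list[tuple[int, bytes]]:
    key = b"constructed-session-key"  # constructed sample value
    client = Client(patched)
    client.on_message3(key)
    frames = [client.send(b"frame-one"), client.send(b"frame-two")]
    client.on_message3(key)  # the same message 3 arrives a second time
    frames.append(client.send(b"frame-3!!"))
    return frames

def reused_nonces(frames: list[tuple[int, bytes]]) -> list[int]:
    """Detection check: packet numbers seen more than once under one session key."""
    seen, duplicates = set(), []
    for pn, _ in frames:
        if pn in seen:
            duplicates.append(pn)
        seen.add(pn)
    return duplicates

if __name__ == "__main__":
    print("unpatched reused nonces:", reused_nonces(run_session(False)))
    print("patched reused nonces:  ", reused_nonces(run_session(True)))
```

In the unpatched run the first and third frames are encrypted with the same keystream, which is why a repeated packet number under one key is the condition to monitor for and the one a patched client never produces.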
Some of the key capabilities of WPA3 include WPA3-Personal and WPA3-Enterprise:
- WPA3-Personal is conceived as a more resilient, password-based authentication even when users choose passwords that fall short of typical complexity recommendations, as explained by the Alliance. WPA3 uses Simultaneous Authentication of Equals (SAE), a secure key establishment protocol between devices, to provide stronger protections for users against password guessing attempts by third parties.
- WPA3-Enterprise is designed to offer the equivalent of 192-bit cryptographic strength, which provides additional protections for networks transmitting sensitive data, such as governmental or financial organizations. The 192-bit security suite serves to ensure a consistent combination of cryptographic tools is deployed across WPA3 networks.
Wi-Fi Enhanced Open Also Introduced
The Alliance also recently introduced the Wi-Fi CERTIFIED Enhanced Open – a certification program that delivers new benefits for users in open Wi-Fi networks, the announcement reads. Why is Wi-Fi Enhanced Open needed?
In scenarios where user authentication is not desired or distribution of credentials is impractical – such as local coffee shops or guest networks with a web portal in airports, hotels, and sports arenas – Wi-Fi Enhanced Open™ now delivers improved data protections while maintaining the convenience and ease-of-use of open networks.
This technology leverages an algorithm called Opportunistic Wireless Encryption (OWE) which is used to encrypt connections between a Wi-Fi user and the router/access point via its own custom encryption key.
This type of encryption prevents local attackers from snooping on user traffic, even in cases when the network doesn’t require a password to connect to it.
Do You Know What Wi-Fi Stands For?
As explained by Webopedia, there is a common misconception about the term Wi-Fi – that it is short for “wireless fidelity.” This is not true at all, as Wi-Fi is simply a trademarked term, meaning IEEE 802.11x. This misconception has spread to such an extent that even industry leaders have added the phrase “wireless fidelity” in a press release while in fact Wi-Fi doesn’t stand for anything.